Hacking and exploiting video game consoles, through both hardware and software, has always been in high demand, and not only for consoles with "PlayStation" in the name. In fact, a lot of Hacks and Exploits come up when we look at all the releases from a whole year, like 2018. But as usual, at the end of every year, many Hackers and Developers from all different branches come together in the city of Leipzig, Germany, to present their achievements to a worldwide audience. So this year, the Chaos Computer Club (CCC) welcomes you to join and participate in the 35th Chaos Communication Congress - or 35C3 for short - which will be held from 27th December until 30th December 2018. And because many Hacks and Exploits for various Consoles of the "PlayStation-Family" have been presented there in the past, this Thread will give you a good overview of - as the Title already suggests - everything you need to know to keep track of the newest "PlayStation-related" Hacks and Exploits. This Thread will also be kept updated, so if you miss an important presentation you will be able to watch the Stream or Presentation again. So better keep this Thread bookmarked in your Favourites.

The 35th Chaos Communication Congress (35C3) is an annual four-day conference on technology, society and utopia organised by the Chaos Computer Club (CCC) and volunteers.

The Congress offers lectures and workshops and various events on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.

This "Lecture" will probably be the highlight of all "PlayStation-related" Talks during the Congress, since the two well-known Developers @yifanlu and @DaveeFTW will together present their latest achievements in hacking the PlayStation Vita. This Talk will explain how the security inside the PSVita works and how they "finally defeated it." Their goal is also that the Talk will inspire more people like you to work and tinker with the PSVita. So this talk shouldn't be missed, don't you think?

Since its release in 2012, the PlayStation Vita has remained one of the most secure consumer devices on the market. We will describe the defenses and mitigations that it got right as well as insights into how we finally defeated it. The talk will be broken into two segments: software and hardware. First, we will give some background on the proprietary security co-processor we deem F00D, how it works, and what we had to do to reverse an architecture with minimal public information. Next, we will talk about hardware attacks on a real world secure hardware and detail the setup process and the attacks we were able to carry out. This talk assumes no prior knowledge in hardware and a basic background in system software. Focus will be on the methods and techniques we've developed along the way.

How do you hack a device running a full featured, security hardened, and completely proprietary operating system executed on a custom designed SoC? Although the PlayStation Vita did not reach the market success of its contemporaries, it was a surprisingly solid device security-wise. Sony learned from the mistakes of PS3 and PSP and there were (mostly) no "FAIL" moments. It carried exploit mitigations that are standard today but groundbreaking for a "popular" device in 2012: SMAP, kernel ASLR, > 2 security domains, and more. Molecule was the first group to run unsigned code on the device as well as the first to hack kernel mode and TrustZone. However, to target the security co-processor (F00D), we need to bring out the big guns. Using a highly customized version of the popular ChipWhisperer hardware, we carried out hardware attacks on the device including fault injection (glitching) and side channel analysis. In a board with twelve layers, dozens of unknown ICs, and hundreds of passives, how do you even begin to attack it without any information? We will start with the basics: a whirlwind tour of the theory behind the attacks. Then we will move to the practical application: mapping out the power domains of a SoC, soldering tips for microscopic points, finding a good trigger signal, finding a glitch target, and searching the right parameters. Finally, if time permits, we will also talk a bit about how to extend our existing setup to perform side channel analysis with a few modifications.

It is unfortunate that the Vita was such a niche device, but we hope this talk will inspire more people to pick it up. The Vita is dead, long live the Vita!

But not only the PSVita will have its Showcase in front of the audience. One Day before, well-known Developer @m0rph3us1987 will also showcase his achievements in "Exploiting PS4 Video Apps." As already mentioned in a previous post, this Talk will explain how to run "Unsigned Code" on the PS4 no matter which Firmware you have installed on your PS4. Hopefully this Talk will give an "Initial Ignition" to the PS4 and its Developers so we see more Homebrew Apps coming to the PS4.

For more Information about the Talk, please click here. UPDATE: This Talk has already been presented; to find additional details, please click here.

The 35C3-Congress is not only about presenting your newest Achievements to a wide audience, either in person or via the Livestream. The whole Congress in general is also a nice place to meet up with other Hackers and Developers and discuss your newest Achievements just by talking with each other over some coffee or beer. Of course everyone who visits the Congress can join them as well. Therefore the Organization behind the Congress gives the Hackers and Developers the opportunity to create their own - as they call it - "Assembly Rooms", where you can meet with several Hackers and Developers talking about specific topics.

Well-known Developer @AlexAltea will also be there at such an Assembly, talking about Emulation and giving a new sneak-peek of his early-stage PS4 Emulator, called Orbital.

Like the previous years, console hackers team fail0verflow and CTF aficionados from Eindbazen are getting together for 35C3. We hope to have some table space at the Hackcenter to set up our consoles, show off our hacks, teach people about them and play some Capture The Flag!

We are a group of console hacking enthusiasts with a special love for the hardware provided by Nintendo. Come say hello if you want to see cool stuff about 3DS and Switch. Some of us think the Wii U is OK too.

Developers from the Dolphin Emulator project and some friends. We emulate the Wii/Gamecube so you can play your favorite Nintendo games in 4K. Other emulators are cool too, come say hello if you worked on one. Feel free to come over to play on our SNES and N64 consoles or bring your Nintendo Switch for some handheld gaming.

10x UPDATE (January 20) - Now the 10th Video Released >>> The next PS3 NVidia RSX accelerated X.org steps

(Original Article from Nov. 14) Is the PS3 a bit closer to gaining Hardware Acceleration (via RSX) in OtherOS (Linux) with a proper driver to enable the GPU chip? We are not there, but we may be getting closer to a reality. Earlier this year (back in April) we detailed some of the progress that the busy dev René Rebe has made with unlocking the potential of the PlayStation 3's RSX chip, and now today we have been greeted with a new video and a look at what we can expect from this project as the developer starts to undertake the challenge of further unlocking one more component of the PS3 hardware. The developer has a lot of videos on other interesting subjects on his diverse YouTube channel >>> (Bits and More) <<<, many of them very informative.

Following the big news from Team Molecule several weeks ago, which effectively opened the system wide open, it was only a matter of time before we would start to see other developers putting the findings to use. The FAPS Team (team members listed below) has recently released a new (taiHEN) plugin called ref00d. This plugin is a big deal, as it allows users/devs to use content that would otherwise require a higher firmware to be played/executed on a lower firmware on your exploited PS Vita or PlayStation TV. Typically this is not an easy task, but thanks to Team Molecule's research and the FAPS Team we now have a simple, ready-to-use plugin solution to remove those firmware restrictions. See additional details about this plugin release in the release notes provided below by the development team.

Update (2x): Reports are coming in that this PS2 Homebrew is also working on PS3 HAN & PS4 (5.05). With progress making headway on the upcoming PS4 port of RetroArch from a group of developers, another developer (fjtrujy) started work on a PlayStation 2 (PS2) port several months back (view previous progress) and now has a port that has progressed enough for a public soft release. It is now available in the new RetroArch PS2 Nightlies for anyone interested in downloading and trying out the multi-system emulator on homebrew-capable PS2 hardware. @fjtrujy warns that many things still need to be implemented and many pending issues remain, and this early release currently contains only two cores, 2048 and QuickNES. That is likely to grow, and a good gauge of what to expect from the PS2 port would be the PSP port, as that should be a good baseline, and the PS2 may likely be able to handle more than the PSP.

I will be excited for the PS3 presentation. There has been no news for Han since a very long time. I wish they do something for superslims. I wish they make homebrew enabler for superslims.

Just as an FYI - this has nothing to do with the PS3. There is no presentation about the PS3.
The guys working on such things are here at psx-place, so it's easy to see the status. As has been mentioned literally dozens upon dozens of times by bguerville throughout the months, and no person knows better than him.

Is this applicable to future firmware releases as well? I know it's a dumb question.

I think he's just going to present an entry point in which other developers will be able to port their previous stuff through it on newer firmwares, as well as possibly develop some quality homebrew.
Hopefully someone will get us a current CFW that can work with the 6.02 I've been stuck on all month, since this news first released mind you lol.

It may still be a while yet before we actually see a CFW that will work with this entry point. Or we may get an even bigger surprise. Tis the season

Is this applicable to future firmware releases as well? I know it's a dumb question.

Only until Sony patches it, which is inevitable. People said it works on 6.20 too. However, the Video app is not part of the firmware, so even on vulnerable fw, they can still update the application alone. So be sure to have disabled all three automatic update options and download it from PlayStation Store. But of course the best way is to block Sony servers on the router (besides those with game patches).

@Zazenora If this allows running unsigned code, it must be not only an entry point. If all of this is true, golden times for PS4 are upcoming with a "golden firmware" like i.e 3.60 for PSV or 3.40/3.55 for PS3.

So today is 28 Dec and we not have "kernel exploit from video app " or " Top Secret Method " what's going on???!!!!! why there is no Public way to use this Exploit. Is Fake? ( Sorry for my bad English )

So today is 28 Dec and we not have "kernel exploit from video app " or " Top Secret Method " what's going on???!!!!! why there is no Public way to use this Exploit. Is Fake? ( Sorry for my bad English )

Roxanne is prepping the details of today's events and what it means.
Will be news on the mainpage about it soon.